[PHP] A simple loginscript

[Unknowndeepness]

Hey there everyone.

I thought it would be a good idea to show you how to create a (very) simple loginscript.
I know i had huge problems doing this, so ill make it simple for you guys
Dont think i have to explain anything before the tutorial, so "lets rock!"

First of, we want to make an loginform, this is made by some simple HTML code, something like this:

Code:

<form action="login.php" method="POST" name="login">
Username<input type="text" name="username"><br>
Password<input type="password" name="password"><br>
<input type="submit" name="submit" value="Submit">
<input type="reset" name="reset" value="Reset">A
</form>

Now, lets break it down, so you know im not messing around with you

Code:

<form action="login.php" method="POST" name="login">
....
</form>

I guess you all know the form-tag. This code is very simple, it will just tell the brower to send all the information inside the form to login.php (action="login.php") with the post-method (method="POST").
There is two methods you can use, these are POST and GET. I'll use POST, since GET will send the information along with the URL (ex. http://www.your-url.com/login.php?userna...=yourpass) - which is'nt very safe. POST will send all the information hidden, so, i'll use that. You do as you want
The name isnt anything we'll go further into now.

Code:

Username<input type="text" name="username"><br>
Password<input type="password" name="password"><br>
<input type="submit" name="submit" value="Submit">
<input type="reset" name="reset" value="Reset">

This will just make 2 boxes to write your username and password in, and two buttons (one to send the data and one to reset all inputboxes).
The name of the username-box and the password-box is important. This will be used later.

Right, moving on. Now we need to have a login.php:

PHP Code:

<?php

$username = $_POST["username"];
$password = $_POST["password"];

if ($username == testuser) {
        if($password == testpass){setcookie("MyCookie", $username); }
        else { die ("Wrong password"); }
        }

else { die ("Wrong username"); }

?>
Click <a href="memberspage.php">here</a> to move on. 


Beautiful! *not*

Okay, lets break this down aswell!

PHP Code:

...
$username = $_POST["username"];
$password = $_POST["password"];
... 


This is just to simplify a little, its CAN work without it, but simplifying is good, so..
Anyway, what is does is that it makes a variable called username / password, and then it gets the POST variable called username / password (This is where the names from the forms comes in. If we had called "password" for "pass", then $_POST["password"] would be $_POST["pass"]. Simple!) and just puts its value in it.

PHP Code:

if ($username == testuser) {
        if($password == testpass){...}
        else { die ("Wrong password"); }
        }

else { die ("Wrong username"); } 


Yes, i know. This is a one-user-only-loginform. Sry about that, but hey, If you read Virtuals post called "[ PHP ] Sessions & Cookies" (Why is it called Sessions & Cookies? Its about MySQL, Right?) you will know everything about MySQL. Then you can use a multi-user-login!

Anyway, What it will do is to check if $username is testuser, and $password is testpass, and if it isnt - it dies. Of course you'll have to change these the testuser and testpass to whatever you want.

PHP Code:

{setcookie("MyCookie", $username); } 


Cookies! My favorite!
This will save a cookie on the computer called MyCookie, and with the value of $username - which now is testuser
You can define the time for it to expire aswell, with setcookie(Name, Value, Time);
If you dont set the time for it to expire, it will just expire when the brower is closed.

After that, we have a simple link to the memberspage.
That is our next step!

Not much code is really needed in this page. Just something to check if the cookie exist, and a way to log out. So, here we go!

PHP Code:

// Check if logged in
<?
if (!isset ( $_COOKIE["DeepCookie"] ) )
{die ("Login first");}
?>

There you go. This one is very simple, it just checks if the cookie exist, well, actually - a translation would be "if DeepCookie dousent exist. Kill the load and say Login First".
You get it ^^,

Last thing, we need a logoutpage. In the memberspage, just write in:

Code:

<a href="logout.php">logout here</a>

And put this in the logout.php:

PHP Code:

<?
setcookie("DeepCookie", "testuser", time()-1000);
?>

That just modifies the cookie so it will expire 1000 seconds ago

There! You have your loginscript!
I just made this a little quick, so post whatever non-working code you might find.

Take care everyone!

/Deep.

[Virtual]

Nicely explained

[BlackOut]

Nice job

[Lillen2k]

Tnx t have looking for a loginscript for a realy long time, Now i only need to install Dreamweaver

[Xiao]

Very nice, but maybe write an extension including addslashes and stripslahes etc. to make it more secure

[shogun]

login script on my site is very similar. Also using cookies. But, on next CMS i ll program i would rather use php sessions. Any experiences with them?

[Xiao]

much easier and safer
I've got a tutorial in a PHP book I've got here, I could write a little one if you want

[shogun]

Xiao Wrote:much easier and safer
I've got a tutorial in a PHP book I've got here, I could write a little one if you want

i would appreciate that tut. thx

[Lillen2k]

Xiao Wrote:much easier and safer
I've got a tutorial in a PHP book I've got here, I could write a little one if you want

that woud be nice

[pal]

nice man, might use it